Lucene search
K

48 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/22 9:53 p.m.10 views

Malicious code in zod-pino (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c536e5a7ee3d5542e1ac822b30ba4525e52b2ae0c964d0c2470468d91b9b41c8 The package is published under a name suggesting a Pino logger integration for Zod, but the tarball contents do not match that purpose and exhibit...

5.9AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 4:7 p.m.9 views

Malicious code in @0xlr/vercel-analytics (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fda046018b2c121cb96e157cadce6d8aee695beb7086008140da0a9c6eebc938 On npm install, postinstall.js enumerates every process.env variable including credentials such as AWS, NPMTOKEN, GITHUBTOKEN and other CI tokens and...

5.5AI score
Exploits0References1
Snyk
Snyk
added 2026/06/06 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

9.8CVSS5.6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/06 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

9.8CVSS5.6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/06 9:0 p.m.8 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

9.8CVSS5.6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/06 9:0 p.m.10 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

9.8CVSS5.6AI score
Exploits0References2
OSV
OSV
added 2026/06/05 12:53 a.m.11 views

MAL-2026-5238 Malicious code in awaitly-postgres (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...

5.7AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/05 12:53 a.m.12 views

Malicious code in eslint-plugin-executable-stories-vitest (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...

5.7AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/05 12:53 a.m.13 views

Malicious code in autotel-devtools (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1d9ead83772087e781dd41428b81aec15c104b5064f20f0c47e911025942bd01 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/05 12:53 a.m.12 views

Malicious code in autotel-vitest (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a7ed70ee4bddaee59149fdb7664c71d6efcc8c74cbd82bb652ed593b8d6a457d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/05 12:53 a.m.13 views

Malicious code in autotel-mcp-instrumentation (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5c64859e391f8cefcdc5dd1b66f0364b7821a5dbc3f1493a5cfb4a168ad6a4cf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References3
OSV
OSV
added 2026/06/05 12:53 a.m.9 views

MAL-2026-5244 Malicious code in discord-search (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...

5.7AI score
Exploits0References2
OSV
OSV
added 2026/06/05 12:53 a.m.8 views

MAL-2026-5214 Malicious code in autotel-aws (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...

5.7AI score
Exploits0References2
OSV
OSV
added 2026/06/05 12:53 a.m.10 views

MAL-2026-5204 Malicious code in @ethlete/types (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...

5.7AI score
Exploits0References2
OSV
OSV
added 2026/06/05 12:53 a.m.9 views

MAL-2026-5247 Malicious code in eslint-plugin-executable-stories-jest (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...

5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/06/02 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

9.8CVSS5.6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/19 12:0 a.m.14 views

Malicious code in xmorse (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References5
OSV
OSV
added 2026/04/29 12:0 p.m.5 views

MAL-2026-3182 Malicious code in redeem-onchain-sdk (npm)

redeem-onchain-sdk is a malicious npm package impersonating a Polymarket on-chain SDK. It collects SSH keys, AWS credentials, .npmrc tokens, Docker auth, Chrome saved logins, .env files, and a month of git commit history, then ships everything over a raw TCP socket to an AWS-hosted C2. Two trigge...

5.3AI score
Exploits0References1
OSV
OSV
added 2026/03/13 10:47 a.m.11 views

MAL-2026-1410 Malicious code in ighack (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 889207a729f6b97c385d6c0afe217776d10331cdf7e5dd511f80e0d01e899842 Instagram hacking tool that besides abusing the Instagram API, also automatically uses user's credentials to follow hardcoded accounts. --- Category: MALICIOUS...

5.8AI score
Exploits0References1
Snyk
Snyk
added 2026/03/12 4:23 p.m.5 views

Malicious Package

Overview vue-scoped-css is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior The packa...

9.8CVSS5.9AI score
Exploits0References3
Rows per page
Query Builder